|
|
Sponsored Content
Top Forums
UNIX for Dummies Questions & Answers
Allowing External Scans
Post 302961698 by hpuxguy on Wednesday 2nd of December 2015 02:26:49 PM
12-02-2015
Allowing External Scans
Hello!
I run an HP Unix system which I host oracle databases on, as well as oracle based apps used by my company. My IA department needs to scan my files to ensure I am following IA procedures and check for vulnerabilities in scripts etc. The scan is coming from corporate, and they asked for root access initially to scan the entire file system with. I denied the request and instead offered an account in the root group, but not with the permissions. I do not have the ability to change files or mkdir or even touch a file with the account, but am not sure I did it right. I am not an expert in the area, and am looking for a better way to accomplish this, or perhaps enhance what I have done. They will want to run the scan once a week, so having the account disable on a time schedule would be great too.
Any thoughts? Anyone done this before? Thanks!!!
I run an HP Unix system which I host oracle databases on, as well as oracle based apps used by my company. My IA department needs to scan my files to ensure I am following IA procedures and check for vulnerabilities in scripts etc. The scan is coming from corporate, and they asked for root access initially to scan the entire file system with. I denied the request and instead offered an account in the root group, but not with the permissions. I do not have the ability to change files or mkdir or even touch a file with the account, but am not sure I did it right. I am not an expert in the area, and am looking for a better way to accomplish this, or perhaps enhance what I have done. They will want to run the scan once a week, so having the account disable on a time schedule would be great too.
Any thoughts? Anyone done this before? Thanks!!!
|
|
8 More Discussions You Might Find Interesting
1. Programming
I've written a python program where I want to allow members of a specific group the ability to kill it, and I'm not sure how to do it. I've been looking at the setuid() and setgid() and similar functions in the os module, but haven't been able to get them to work. I can't seem to change the uid or... (1 Reply)
Discussion started by: vastcharade
1 Replies
2. Red Hat
I have encountered some problems in my school work.
Here is the question:
The server that provides the time synchronization must be configured to allow its clients to verify its authenticity using symmetric cryptography.
Much Appreciated!:) (1 Reply)
Discussion started by: wilsonljx
1 Replies
3. Homework & Coursework Questions
The server that provides the time synchronization must be configured to allow its clients to verify its authenticity using symmetric cryptography.
4. Singapore Polytechnic, Dover, Singapore,Mr Kam, and Computer Engineering
I don't think there is any coding since it is just configuring... (3 Replies)
Discussion started by: wilsonljx
3 Replies
4. UNIX and Linux Applications
Hello,
I am wondering if it is possible to allow rescursion into rsyncd modules. For example, I have a module set up like the following:
path = /home/backup
write only = yes
read only = no
auth users = backup
secrets file =... (1 Reply)
Discussion started by: tay9000
1 Replies
5. Red Hat
Hi Friends,
samba for annonymouse setup but not allowing me to write when i tried to browse from windows 7 box
conf as below
#testparm
Load smb config files from /etc/samba/smb.conf
Processing section ""
Processing section ""
Processing section ""
Loaded services file OK.
Server... (0 Replies)
Discussion started by: heman96
0 Replies
6. Cybersecurity
Hi guys, I'm trying to configure iptables to only allow certain ports access.
I set the first set of rules to block everything and then subsequently open ports as needed, but everything still seems to be blocked.
I have read that the order matters (new to iptables), perhaps this is an issue.... (6 Replies)
Discussion started by: 3therk1ll
6 Replies
7. AIX
As I do a ssh <nis_user>@server1 from server2, ssh prompts for certificates (as expected the first time), then it prompts for the users password, as soon as I enter the password, I get a Connection to server1 closed by remote host, and connection to server1 closed. and I disconnect back to the... (3 Replies)
Discussion started by: mrmurdock
3 Replies
8. UNIX for Advanced & Expert Users
Hello Gurus,
I want One user to su to another without allowing root access and password.
I want to run a specific command as below from user am663:
---------------------------------------------------------
sudo -u appsprj4 /home/appsrj4/scripts/start_apache.sh
-------------------
But... (6 Replies)
Discussion started by: pokhraj_d
6 Replies
LEARN ABOUT DEBIAN
setuidgid
setuidgid(8) System Manager's Manual setuidgid(8) NAME
setuidgid - runs another program under a specified account's uid and gid. SYNOPSIS
setuidgid account child DESCRIPTION
account is a single argument. child consists of one or more arguments. setuidgid sets its uid and gid to account's uid and gid, removing all supplementary groups. It then runs child. setuidgid cannot be run by anyone other than root. EXIT CODES
setuidgid exits 111 if it cannot find a UNIX account named account, if it cannot setgid, if it cannot setuid, or if it cannot run child. Otherwise its exit code is the same as that of child. SEE ALSO
supervise(8), svc(8), svok(8), svstat(8), svscanboot(8), svscan(8), readproctitle(8), fghack(8), pgrphack(8), multilog(8), tai64n(8), tai64nlocal(8), envuidgid(8), envdir(8), softlimit(8), setlock(8) http://cr.yp.to/daemontools.html setuidgid(8)